vacuum
28th December 2015, 01:19 PM
This just in...
I'm Chris Vickery. I know your phone number, address, date of birth, and more (if you're registered to vote in the US).
I have recently downloaded voter registration records for 191 million Americans from a leaky database. I believe this is every registered voter in the entire country. To be very clear, this was not a hack.
The mysterious, insecure database is currently configured for public access. No password or other authentication is required at all. Anyone with an internet connection can grab all 300+ gigabytes.
We're talking about first name, middle name, last name, home address, mailing address, phone number, date of birth, party affiliation, and logs of whether or not you voted in primary/general elections all the way back to 2000. I looked myself up in the Texas table. It's accurate.
It is not known whether or not "high risk professionals" are included in this database. However, I have looked up several police officers in my city, and their data is indeed present.
I've been working with journalists and authorities for over a week to get this database shut down or secured. No luck so far.
Check out the initial coverage here: http://www.csoonline.com/article/3018592/security/database-configuration-issues-expose-191-million-voter-records.html
http://www.databreaches.net/191-million-voters-personal-info-exposed-by-misconfigured-database
(http://www.databreaches.net/191-million-voters-personal-info-exposed-by-misconfigured-database)
tl;dr: Feel sorry for any journalist that already wrote a "Biggest privacy breaches of 2015" story.
EDIT: Forbes article is up http://www.forbes.com/sites/thomasbrewster/2015/12/28/us-voter-database-leak/
(http://www.forbes.com/sites/thomasbrewster/2015/12/28/us-voter-database-leak/)
EDIT 2: I'll sum up the core issue for those that are denying the newsworthiness of this discovery:
Our society has never had to confront the idea of all these records, all in one place, being available to anyone in the entire world for any purpose instantly.
That's a hard pill to swallow.
I'm Chris Vickery. I know your phone number, address, date of birth, and more (if you're registered to vote in the US).
I have recently downloaded voter registration records for 191 million Americans from a leaky database. I believe this is every registered voter in the entire country. To be very clear, this was not a hack.
The mysterious, insecure database is currently configured for public access. No password or other authentication is required at all. Anyone with an internet connection can grab all 300+ gigabytes.
We're talking about first name, middle name, last name, home address, mailing address, phone number, date of birth, party affiliation, and logs of whether or not you voted in primary/general elections all the way back to 2000. I looked myself up in the Texas table. It's accurate.
It is not known whether or not "high risk professionals" are included in this database. However, I have looked up several police officers in my city, and their data is indeed present.
I've been working with journalists and authorities for over a week to get this database shut down or secured. No luck so far.
Check out the initial coverage here: http://www.csoonline.com/article/3018592/security/database-configuration-issues-expose-191-million-voter-records.html
http://www.databreaches.net/191-million-voters-personal-info-exposed-by-misconfigured-database
(http://www.databreaches.net/191-million-voters-personal-info-exposed-by-misconfigured-database)
tl;dr: Feel sorry for any journalist that already wrote a "Biggest privacy breaches of 2015" story.
EDIT: Forbes article is up http://www.forbes.com/sites/thomasbrewster/2015/12/28/us-voter-database-leak/
(http://www.forbes.com/sites/thomasbrewster/2015/12/28/us-voter-database-leak/)
EDIT 2: I'll sum up the core issue for those that are denying the newsworthiness of this discovery:
Our society has never had to confront the idea of all these records, all in one place, being available to anyone in the entire world for any purpose instantly.
That's a hard pill to swallow.